Companies Stockpiling Bitcoin in Anticipation of Ransomware Attacks

In the age of cyber threats, companies are stockpiling digital currency in preparation of future "ransomware" attacks — which have grown exponentially over the past few years.

The most recent attack, known as "WannaCry," took hundreds of thousands of computers' data files hostage unless users paid a $300 to $600 ransom via Bitcoin, a popular digital currency. Now many companies are maintaining a stash of the digital cash because of the rise of ransomware, according to cybersecurity experts and firms.

"It's one of the tools in their pockets," said cybersecurity and Bitcoin expert Florin Lazurca, the senior technical marketing manager for security at Citrix Systems. "It's one of the things where you might be trying to cover all your bases, and so it lets you still recover your data and network."

But it's recovery by giving in to the cybercriminals' demands, yet that is the only option for some companies who need immediate access to their data — such as hospitals and financial institutions — and have more money than technological prowess or time. Both were targeted in the recent hack.

A diverse group of British companies were asked whether they stockpiled digital currency in case of a ransomware attack. A third admitted that they did, although midsize companies were more likely to maintain stores of the cybercash.Phil McCausland / Citrix

According to research conducted by Citrix, about a third of British companies in 2016 retained a cache of digital monies as part of a strategy to "regain access to important intellectual property or business critical data." The same examination also found that half of those British businesses didn't back up their data once a day, a major fail-safe against such attacks.

It's necessary to keep Bitcoin on hand — which currently exchanges for about $1,800 per unit — because government agencies don't necessarily have a fix for institutions once hackers have taken hold of their files, and its cybercriminals' preferred payment method.

"Part of the everyday ransomware demand is Bitcoin, because it's easy to get and it's the currency of choice for the criminal underground," said cyber insurer Bob Wice, Beazley Group's U.S. leader of technology, media and business services.

Bitcoin can be stored in a digital wallets online or on a user's computer. Cybercriminals prefer Bitcoin as payment because of their near-anonymous nature. Any transaction can be seen via the currency's open ledger, but names don't have to be attached. It also requires no government or banking intermediary, and it works as simply as a file transfer between two people or organizations.

They're also extremely valuable, and volatile, as their worth has grown nearly 900 percent over the past two years, according to anti-money laundering software company Chainalysis.

One of Bitcoin enthusiast Mike Caldwell's coins in this photo illustration at his office in Sandy, Utah, from September 17, 2013.JIM URQUHART / Reuters file

So far, WannaCry ransoms have grossed a little more $80,000, Chainalysis reported. That's not a huge amount considering the malware's far reach. Also, most of the money was grossed via individual transactions, which means large companies likely didn't find paying the ransom necessary.

Nevertheless, many companies still feel compelled to keep Bitcoin on hand in case of future ransomware attacks.

"I've often heard expressed that intelligence agencies and law enforcement act on a reactive basis," said Dr. Simon Moores, Britain's former technology ambassador and chairman of the annual international e-Crime Congress. "Once it's into your system, there's not much they can do about it."

Moores explained that companies have accepted this type of hacking as reality, according to Citrix's findings. Although he declined to name companies, he said numerous organizations had told him privately that they keep electronic cash on hand in case of attack.

At times, they don't have another option.

"It's all well and good to catch up to the actors and prosecute them, but that doesn't help you if you happen to be a financial institution or a business and data is mission critical," Moores told NBC News.

And it's become more and more necessary as the rate of these malware attacks continues to increase.

“It's all well and good to catch up to the actors and prosecute them, but that doesn't help you if you happen to be a financial institution or a business and data is mission critical”

According to Beazley Group, the number of ransomware assaults quadrupled in 2016. It projects that attacks will double in 2017 — already noting a 35 percent uptick after the first financial quarter. That increase didn't account for the most recent cyberattack.

The insurance group, which specializes in cyber risk, has helped manage more than 5,000 hacking incidents since 2009. It said ransomware, "from the bad guy point of view," is low risk and high reward. It's not particularly sophisticated, but its massive volume will eventually lead to a payout.

"It really is knocking on a bunch of doors, if you will," Wice said. "If someone answers, you have access to encrypt their data. If they don't know any better and they're unsophisticated and don't know how to stop ransomware to stop hitting them, then they can be an easy target."